Friday, 31 May 2013

In Part 4 we created our Windows Intune Agent Settings policy. This includes the configuration settings for Endpoint Protection. In Part 5 we enrolled a device and saw that the device became protected almost immediately. In Part 6 of my Windows Intune Step by Step Guide I will provide screenshots of the options that can be configured in the policy.

Right click on the policy and choose Edit. All the items below are configurable.

Computers will check for updates to policies between 8 and 22 hours, depending on the configuration of the Windows Intune Agent policies. If you make a change you can force a refresh of policy on computers by using the Refresh Policies remote task.

Part 5 of my Windows Intune Step by Step Guide describes how to enroll devices so that they can be managed. Note that we are just dealing with full Windows clients for the purpose of this guide (in my case Windows 8 Enterprise tablets). Further configuration is necessary for mobile devices. You can find more information in the Windows Intune Getting Started Guide.

Enrolling Devices

You can enroll devices in Windows Intune in three ways:

Administrator Enrollment: The Windows Intune Administrator sets up the device enrollment on behalf of the end user.

User Enrollment: The device user self-enrolls using the Windows Intune company portal.

Embedding in a deployment image: The Windows Intune Administrator embeds the Windows Intune service into the operating system deployment images.

I have used the first method for this guide and I enrolled the device on behalf of the user. There are two ways to do this.

Extract the files and you will see the Intune executable file and the account certificate file. The certificate file is specific to your Intune subscription. It needs to be in the same folder as the executable for the installation so that your devices are enrolled under the correct subscription.

On device.

Double click Windows_Intune_Setup. Note the Intune account cert in the same folder.

Click Next to install

The client has now been installed and contacts Intune to retrieve the policies we created in Part 4. It will also download and install the Endpoint Protection software and then download the EP definition files.

See Intune processes.

Note the Endpoint Protection icon in the System Tray (the green one). See also the Intune Center (with the yellow exclamation). It is not yet healthy as the EP virus definitions have not been fully downloaded.

New icons available.

New folder structure.

Client is now healthy. Download of definition files is complete.

Client is now fully protected by Endpoint Protection

Device now enrolled -

- and showing healthy status.

Installation Tip: If the device date or time is incorrect the installation will fail.

Windows Intune Setup: The software cannot be installed, 0x800b0101

Thursday, 30 May 2013

Part 4 of my Windows Intune Step by Step Guide describes how to configure and deploy policies.

Windows Intune policies focus on providing you with straightforward settings that help control the security settings on mobile devices, provide computer updates, ensure Endpoint Protection, maintain firewall settings, and enhance the end user experience.

In the workspace shortcuts pane, click the Policy icon.

Under tasks, click Add Policy

In the Create a New Policy dialog box, the following policy templates are presented:

Mobile Device Security Policy

Windows Firewall Settings

Windows Intune Agent Settings

Windows Intune Center Settings

I am only managing Windows 8 Enterprise tablets in this series so I do not need to configure the Mobile Device Security Policy (however, I have included screenshots of the options at the end of this blog).

I also did not need to manage Windows Firewall settings (however, I have included screenshots of the options at the end of this blog).

Select the Windows Intune Agent Settings template and click Create and Deploy a Policy with the Recommended Settings.

Add All Computers to the Selected Groups

The policy is now available in the console and can be edited.

The following screenshots show the default policy settings. Each item is configurable.

Select the Windows Intune Center Settings template and click Create and Deploy a Policy with the Recommended Settings.

This allows you to display support information to your users.

Enter your details

Choose to deploy the policy now.

Both deployed policies can be seen in the console.

After these policies have been deployed, all users or devices inherit these settings as their baseline policy. You can then review and, if required, edit the details of these policies from the Policy workspace.

Computers will check for updates to policies between 8 and 22 hours, depending on the configuration of the Windows Intune Agent policies. You can force a refresh of policy on computers by using the "Refresh Policies" remote task.